IBM Computing
Security Engineer - DevSecOps
IBM Computing, Washington, District of Columbia, us, 20022
IBM Security Engineer - DevSecOps in Washington, District Of Columbia
IntroductionInformation and Data are some of the most important organizational assets in today's businesses. As a Security Consultant, you will be a key advisor for IBM's clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.Your Role and ResponsibilitiesThe DevSecOps Security Engineer will support dynamic and static analysis (DAST and SAST) of code for multiple applications using Fortify and work across technical teams to support the remediation of findings. The DevSecOps Security Engineer will support a large team of infrastructure, security, and application teams during the migration of on-prem and cloud applications to the client Azure Government enclave. The security engineer will configure, operate, and maintain Security Code Scanning tools (Fortify). The engineer will provide support for security assessment and authorization/ATO process, and security audits.Required Technical and Professional Expertise5+ years experience supporting secure DevSecOps practices using FORTIFY.5+ years experience running Dynamic and Static Application Security Testing (SAST).5+ years experience working with source version control, build/release tools, and methodologies.5+ years experience with CI/CD pipelines.5+ years experience with the software build process.5+ years experience supporting backups and disaster recovery.5+ years experience maintaining access control and the integrity of data throughout the platform.5+ years experience designing, developing, evaluating, and modifying systems and systems-oriented products.5+ years experience configuring, deploying, maintaining, and optimizing security code scanning tools (Fortify).Work with the development and infrastructure teams to remediate findings.Perform Cyber Supply Chain Risk Management (C-SCRM) activities to include configuring, deploying, and maintaining SCRM tool (Mend) and analyze reports.Support Security Assessment and Authorization / ATO process.Bachelors Degree and a minimum of 5 years experience. Additional years of experience may be accepted in lieu of the degree.Ability to acquire a Public Trust Background investigation.Certified in industry recognized areas such as CISSP, CISA, or CISM.Familiarity with NIST 800-53, FISMA, FedRAMP.Preferred Technical and Professional ExpertiseExcellent organization, collaboration, project management, and team leadership skills.Strong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership.2+ years experience executing security compliance in multi-cloud or DevSecOps environments.2+ years experience coordinating across security, IT operations, audit, and development groups to achieve security outcomes.Security certification in one or more cloud environments (Azure, AWS, Google...).About Business UnitIBM Consulting is IBM's consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients' businesses through the power of collaboration.Your Life @ IBMIn a world where technology never stands still, we understand that dedication to our clients' success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.About IBMIBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason, and science, we can improve business, society, and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.Location StatementIBM offers a competitive and comprehensive benefits program. Eligible employees may have access to various healthcare benefits, financial programs, generous paid time off, training resources, and more. The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience, and location.Being You @ IBMIBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics.
#J-18808-Ljbffr
IntroductionInformation and Data are some of the most important organizational assets in today's businesses. As a Security Consultant, you will be a key advisor for IBM's clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.Your Role and ResponsibilitiesThe DevSecOps Security Engineer will support dynamic and static analysis (DAST and SAST) of code for multiple applications using Fortify and work across technical teams to support the remediation of findings. The DevSecOps Security Engineer will support a large team of infrastructure, security, and application teams during the migration of on-prem and cloud applications to the client Azure Government enclave. The security engineer will configure, operate, and maintain Security Code Scanning tools (Fortify). The engineer will provide support for security assessment and authorization/ATO process, and security audits.Required Technical and Professional Expertise5+ years experience supporting secure DevSecOps practices using FORTIFY.5+ years experience running Dynamic and Static Application Security Testing (SAST).5+ years experience working with source version control, build/release tools, and methodologies.5+ years experience with CI/CD pipelines.5+ years experience with the software build process.5+ years experience supporting backups and disaster recovery.5+ years experience maintaining access control and the integrity of data throughout the platform.5+ years experience designing, developing, evaluating, and modifying systems and systems-oriented products.5+ years experience configuring, deploying, maintaining, and optimizing security code scanning tools (Fortify).Work with the development and infrastructure teams to remediate findings.Perform Cyber Supply Chain Risk Management (C-SCRM) activities to include configuring, deploying, and maintaining SCRM tool (Mend) and analyze reports.Support Security Assessment and Authorization / ATO process.Bachelors Degree and a minimum of 5 years experience. Additional years of experience may be accepted in lieu of the degree.Ability to acquire a Public Trust Background investigation.Certified in industry recognized areas such as CISSP, CISA, or CISM.Familiarity with NIST 800-53, FISMA, FedRAMP.Preferred Technical and Professional ExpertiseExcellent organization, collaboration, project management, and team leadership skills.Strong communication skills and experience creating and delivering compliance status and metrics briefings to senior leadership.2+ years experience executing security compliance in multi-cloud or DevSecOps environments.2+ years experience coordinating across security, IT operations, audit, and development groups to achieve security outcomes.Security certification in one or more cloud environments (Azure, AWS, Google...).About Business UnitIBM Consulting is IBM's consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients' businesses through the power of collaboration.Your Life @ IBMIn a world where technology never stands still, we understand that dedication to our clients' success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.About IBMIBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason, and science, we can improve business, society, and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.Location StatementIBM offers a competitive and comprehensive benefits program. Eligible employees may have access to various healthcare benefits, financial programs, generous paid time off, training resources, and more. The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience, and location.Being You @ IBMIBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics.
#J-18808-Ljbffr